Robert Siciliano's Open Salon Blog

Use Cases for NFC in non-payment scenarios. Where else will we see this technology flourish?

Mon, 9 Apr 2012 22:04:36 -0400

Near Field Communications (NFC), is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

NFC handsets are set to increase to about 80 million next year. Gartner estimates that that 50% of smartphones will have NFC capability by 2015.

But not all NFC revolves around mCommerce. The usage of NFC for identity documents and keycards are widely deployed.

And then theres FeliCa, is a contactless technology that is widely deployed in Asia for public transportation, access management, event ticketing, customer loyalty programs and micropayments. As of March 2011, there were over 516 million units of FeliCa IC Chips worldwide, incorporated in 346 million cards and 170 million mobile phones. Gemalto and Sony Corporation have established an agreement to provide FeliCa / Near Field Communication (NFC) solutions globally.

“With FeliCa’s proven commercial adoption particularly in the Asian markets, we strongly believe that our agreement with Sony will enable Gemalto to build the foundation for significant expansion for both companies at a global scale,” added Tan Teck-Lee, Chief Innovation & Technology Officer and Asia President of Gemalto. “Gemalto’s UpTeq NFC SIM is set to trigger the mass deployment of mobile NFC services now, while providing operators the flexibility to expand their offer in the longer term.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

What Happens to Your Profile After You Die?

Mon, 9 Apr 2012 20:04:52 -0400

If you were hit by a bus, and passed on to whatever heaven might exist, would you care about your Facebook page? Probably not. But your loved ones more than likely would. Things like email, websites, and social media profiles are considered “digital assets,” which may have some monetary value, but for the most part offer sentimental value to the family of the deceased.

I went to high school with a darling young woman who passed away at far too young an age. Her Facebook page sees a lot of activity. Not a day goes by that someone doesn’t make use of this forum to leave a message telling her they love her. It’s quite nice to visit her page and witness this outpouring of affection.

When Facebook is informed that a profile’s owner has passed away, the account is memorialized, which means that nobody can access or edit the account, nor can any new friends be accepted, but people can still post messages and comments.

However, the inability to access an account might pose a burden to the family of the deceased, who might wish to learn more about their loved one or need administrative abilities in order to access crucial information, alert loved ones, or even finalize the deceased’s affairs.

The Associated Press reports, “Now lawmakers and attorneys in at least two states are considering proposals that would require Facebook and other social networks to grant access to loved ones when a family member dies, essentially making the site contents part of a person’s digital estate. The issue is growing increasingly important as people record more thoughts and experiences online and more disputes break out over that material.”

Facebook currently provides an online form that can be used to report a user’s death. “If prior consent is obtained from or decreed by the deceased or mandated by law,” Facebook will provide the family of the deceased with a download of all account data.

Though you may not particularly care to acknowledge it, now might be a good time to instruct a trusted friend or family member on how to access your various social media assets in the event that something bad should happen.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Banking – How to Balance Security and Convenience With Online and Mobile Banking

Thu, 5 Apr 2012 13:04:04 -0400

Users of online and mobile banking know that financial institutions have a layered security approach in place. Those layers include multifactor-authentication, which may mean requiring users to punch in a second security code or carry a key fob, as well as due diligence in identifying customers as real people whose identities haven’t been stolen, and consumer education.

These multilayers may not always be convenient, but they certainly are geared towards making your online banking experience more secure.

Both mobile and online banking reduces time and expenses by allowing customers to review transactions, transfer funds, pay bills, and check balances online or over your mobile carriers network from anywhere.

Enhanced security with SMS transaction notifications and the ability to turn card accounts on or off, and new technologies like mobile check deposit, in which you simply take a cell phone picture of the check, are contributing to the increasing popularity of mobile banking. Eventually, mobile phones may even replace ATMs and credit cards.

As convenient as this is, you still need to consider security.

Set a passlock to access your mobile that times out in one minute.

Set your computer’s operating system to automatically update critical security patches.

Keep your mobile operating system updated.

Make sure your firewall is turned on and protecting two way traffic.

Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.

Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network.

Never click links within the body of an email. Instead, go to your favorites menu or type familiar addresses into the address bar.

Beware of SMiShing which is like phishing but it’s in the form of malicious text messages.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How safe is my identity? What are the latest threats? How do I protect myself?

Mon, 2 Apr 2012 13:04:15 -0400

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became a victim of identity fraud in the United States, while the dollar amount stolen held steady.

Identity theft occurs when someone takes your personally identifiable information (PII), and misuses it, abuses it, and adapts it to his or her own life, often for financial gain.

From the report:

Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010.
One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identify fraud.
Javelin examined social media and mobile phone behaviors and identified certain social and mobile behaviors that had higher incidence rates of fraud than all consumers. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud.
Consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity
68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—all are prime examples of personal information
Those with public profiles (those visible to everyone) were more likely to expose this personal information
Seven percent of smartphone owners were victims of identity fraud. 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost
67 percent increase in the number of Americans impacted by data breaches compared to 2010

Protect yourself:

Lock down your PC with antivirus, antispyware and antiphishing. Update your computers operating systems critical security patches.

Keep social media professional. Once you start sharing every aspect of your life online, you begin to give away some answers to knowledge based questions to reset account passwords.

Watch your accounts closely. Look at your statements online weekly for unauthorized activity. Report fraud immediately.

Get identity theft protection and/or a credit freeze.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cloud Computing Security: Small Business Data in the Cloud

Fri, 30 Mar 2012 13:03:31 -0400

Over the last decade many computing tasks that were developed to be performed locally on and office PC have now moved to the cloud such as contact managers, office documents, media editing programs, you name it: if there is a software version, there is probably a cloud-based version, and often for free. Just search for the name of the software you use plus “free online.”

“The cloud,” as it relates to technology, refers to millions of internet connected servers, which may be owned and operated by either corporations or private individuals, sitting in homes and offices.

These servers may be used to back-up your small business data, host email, documents, files, and offer up software as a service.

Cloud-based data, just like local PC-based data, is vulnerable to physical theft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering.

Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for example promises “strict data security policies, military-grade encryption, and world-class data centers for optimal data protection of your business’ computers and servers.”

The cloud computing security guide from Intel provides practical steps to help IT managers plan cloud computing security, with recommendations for strengthening cloud platform and data center infrastructure implementations.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures